Aki Helin discovered a crash in the YARR regular expression library that
could be triggered by javascript in web content. (CVE-2011-3661)

It was discovered that a flaw in the Mozilla SVG implementation could
result in an out-of-bounds memory access if SVG elements were removed
during a DOMAttrModified event handler. An attacker could potentially
exploit this vulnerability to crash Firefox. (CVE-2011-3658)

Mario Heiderich discovered it was possible to use SVG animation accessKey
events to detect key strokes even when JavaScript was disabled. A malicious
web page could potentially exploit this to trick a user into interacting
with a prompt thinking it came from the browser in a context where the user
believed scripting was disabled. (CVE-2011-3663)

It was discovered that it was possible to crash Firefox when scaling an OGG
<video> element to extreme sizes. (CVE-2011-3665)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
firefox 9.0.1+build1-0ubuntu0.11.10.2

Ubuntu 11.04:
firefox 9.0.1+build1-0ubuntu0.11.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.